euroblaze | OXID e-Commerce User Blog

Guerrilla marketing “works because it’s simple to understand, easy to implement and outrageously inexpensive,” says Jay Conrad Levinson, the man who coined the phrase.

Consumers have grown immune to big budget advertising, but marketers that expend a bit of time and effort – rather than piles of money – can generate effective results with inexpensive, small-scale stunts.

Take a look at this great example of guerrilla marketing, where promotions costing no more than a few dollars can have a big impact on the consumers:

Source: mashable.com

A Facebook Ad got my attention to a Microsoft promotion video about their Webmatrix web-development IDE, I downloaded and installed it, to mostly figure out if Microsoft is finally putting out software useful for the community.  What really caught my attention was the mention of Open Source CMS systems like Wordpress and Drupal, as installable from a selectable “gallery” of packages.  Alas, as a LAMP developer, I was much disappointed!

Can’t Open Files from FTP

The Webmatrix is only able to work with files on the disk, and doesn’t have the ability to map to FTP folders (such as what tools like UltraEdit do).  So it’s useful to edit files only on the disk, and test it on the pre-packaged IIS.  So if you are a LAMP developer, you’ll probably have to parallely start a WAMP or XAMP service as runtime for development, testing and debugging.

Nice Co-Branding but not Useful

So the mention of Wordpress, Drupal et. al. is great co-branding from MS point of view, but the number of developers deploying these CMS systems on the IIS is miniscule.  So overall, the Webmatrix is of marginal relevance to the web-development community.

To Increase Relevance of Webmatrix..

.. it would be good to be able to map FTP (and SFTP) paths, so that Webmatrix can be used as a powerful HTML/PHP Editor, and still allow to develop in LAMP runtimes.

Since Version 4.4.x the OXID e-Sales software has shipped with an exciting feature to empower a couple of e-business models over and above traditional B2C online-sales.

Private Sales enables building shops targeted at a group of pre-registered users.  This is useful for example for creation of premium sites such as Gilt.com, or the newly launched in Asia Vipcrazy.com.  Similarly it accomodates for creation of shopping clubs.

One of the great applications of Private-Shops is to build Business-to-Business (b2b) e-Commerce/e-Business sites – sites that are targeted to resellers and distributors who need to be pre-registered with the online-vendor.

How Private Sales Works in OXID

OXID Private Sales Login Screen

Any user wishing to enter a site is required to login before seeing product, prices, pictures etc, similar to what login-screen seen on this OXID-Demo-Shop.

Once the user is logged in, she benefits from not only a private shopping area, but also Persistent Shopping-Cart.

Persistent Shopping Carts

Assuming this feature is activated by the Shop-Owner, the shopping-cart remains persistent, which means products taken into the cart remain there for a specific period of time, irrespective of if the user logs out and then back in.

The duration of persistence can be set in /admin by the Shop-Owner.

Configuring a Private Shop in OXID

Private-shops can be configured in OXID using the /admin-Area (refer to Demo-Shop).  The settings can be found under Master Settings > Core Settings > Settings.  Then choose Private Sales.

OXID Private Sales Configuration

Enabling Private Shopping

Private Shopping can be activated/deactivated using the Enable/Disable setting.  This setting restricts access to all the shop-pages, including products, customer-service pages and CMS pages.

Basket Exclusion

If this feature is activated, users will be forced to either finish the order, or empty the basket before then move on to shop in a different category.

Basket expriation

If enabled, shoppers will be able to login and logout of the site for a certain period of time, specified in next setting as number of seconds of validity period (1200 in example below).

Summary

Overall the Private Sales feature in OXID is unique and allows to expand online-sellers’ business model beyond a simple B2C shop.

For taking advantage of our OXID Programming Services to implement your Private-Sales business model, please call or email us from http://www.euroblaze.de/de/kontakt.html.

Let’s face it – we all hate registration forms.  Baring the sick narcissist out there, normal Internet users hate to type in their name, email address, country, postal code etc, every time we want to gain deeper access into a website/portal/web-service.

Programmers and community managers of Internet Portals, e-Commerce Sites and Blogs couldn’t have missed the newest authentication schemes offered by mega-communities like Google, Facebook and Twitter.  Given the millions of users these communities have logged into their authentication databases, the idea is to offer this registration data as authentication-information for 3rd-party sites (like “Mom & Pop’s Screws Online-Shop”).  In effect a user having an account with the major site such as Google, Facebook or Twitter would not need to register again to a 3rd-party site.  They can just tie into the above mega-sites and perform the authentication over their servers.

To mention the most major:

• Google provides OAuth 1.0 for Web Applications
• Facebook provide Facebook Connect
• Twitter provides OAuth as well

However some of these authentication-systems reveal more of your identity related data than is absolutely necessary to perform the authentication.

As a frequent reader of the Mashable Blog, I recently was offered to sign up into the site for commenting on some blog-posts.  The choice was of Facebook Connect and Twitter oAuth.

Feeling Naked on Facebook

The Facebook Connect screen looked as seen below:

Facebook Connect Permission Screen

On a single click on “Allow” Facebook will authenticate the user on behalf of Mashable.  However, notice the remarkable amount of information Facebook wants to provide to the 3rd-party site!   In summary they want to provide the following:

1. You “basic” information, which beats the definition if they are letting out a list of all my friends, so that the 3rd-party site can use the Facebook Graph and extract personal data about all my friends.   Gee, I don’t feel that much like a friend anymore, and who knows which friend of mine reveal my data to CRM/Marketing companies around the Net.
2. Send me email anytime for anything.  That’s not so terrible, but do I want more Email in my life?  No thank you!
3. Post on my Wall.  If I think of my Facebook Wall as space where I can keep my friends updated about whatever is happening at my end, I really wouldn’t want 3rd-party sites to pollute it with all their marketing-info.
4. Did you see the bomb on that screen-shot?  ”Access my data any time”?  And in small greyed out fonts it says “Mashable may access my data when I’m not using the application”, which translated into clear-text means, Mashable can store my data and use it for their marketing (and other) purposes forever, even long after I quit using their site.

The appauling part is that this is not what we sign up into when starting to use Facebook.  Neither is it made clear when Facebook explains the feature to it’s users.  Instead it is hidden away in the nitty-gritty of legal-text.  Compare also the screenshots they have used in their explaination with a real screen we have captured above!

Twitter is no Less Notorious

Below is how a Twitter Permisison page for authentication looks like.

Twitter oAuth Permission Screen

1. Read tweets from my timeline: That’s OK, doesn’t hurt and I’m cool about sharing stuff – so be it!
2. See who I follow and follow them?  Wait, snoop on people I follow and start following them, without their permission?  Again, for all the talk about Social Media, I can’t see what’s social about abusing my profile to be a multiplier for extracting information about my friends/followers!
3. Update my Profile??  Did I read that correctly – this 3rd party service can update my profile-information?  I thought I was the only one who could update my profile! [shaking my head right now]
4. And finally, post tweets on my behalf?  Oh my God!!  What if this 3rd party service was run (or taken over, or infiltrated) by lunatics, and they post on my Twitter feed: “I love OBL-Osama and long-live Jihad?”, or if this service got hacked and messages get spewed onto my feed?  Won’t I be answerable and liable to these posts, even legally?  So why would I allow people to post on my page which bears my pic and name as its owner on it?

As you see, both Twitter and Facebook’s authentication methods allow abuse of your online identity.  It is hence our recommendation to users of Internet services to avoid authentication via Facebook Connect or Twitter oAuth, or at the least, read very very carefully on Permission Screens before clicking the innocent-looking “Allow”!

Have you got into the habit of using Facebook or Twitter for authentication purposes?  Then we’d love to hear from you.  Share your experience by leaving a comment…

We hope to soon post a similar review for Google’s oAuth system, so please stay tuned!

Facebook’s flaut of privacy information continues to be a public concern.  Take for example the ease with which anyone who knows my username can obtain a set of data from me by typing in the following URL in your browser.

http://graph.facebook.com/ashant.chalasani - Try it!

I’m not afraid of revealing this information to existing friends or people I wish to befriend on the Internet, but it was definitely not intended for the scores of marketing and CRM companies who put a dollar-value on such identity related information.

But with a fat list of Terms & Conditions, Facebook is allowing itself to reveal this data to everybody, without offering me a choice to restrict it.